Microsoft’s Law Enforcement Requests Report Now Available (First Half of 2013)

September 27, 2013No Comments

Microsoft has made available its 2nd law enforcement request report (first half of 2013). This report features all of the requests by law enforcement to see and obtain user information.

What does the data show?

Microsoft (including Skype) received 37,196 requests from law enforcement agencies potentially impacting 66,539 accounts in the first six months of this year. This compares to 75,378 requests and 137,424 potential accounts in the whole of 2012.

Approximately 77 percent of requests resulted in the disclosure of “non-content data”. No data at all was disclosed in nearly 21 percent of requests.

Only a small number of requests result in the disclosure of customer content data, just 2.19 percent of total requests. 92 percent of the requests that resulted in the disclosure of customer content were from United States law enforcement agencies. This is again, broadly in line with what we saw in 2012.

As with the 2012 report this new data shows that across our services only a tiny fraction of accounts, less that 0.01 percent are ever affected by law enforcement requests for customer data. Of the small number that were affected, the overwhelming majority involved the disclosure of non-content data.

While we see requests from a large number of countries, when you look at the overall number, the requests are fairly concentrated with over 73% of requests coming from five countries, the United States, Turkey, Germany, the United Kingdom, and France. For Skype the requests were similarly concentrated, with four countries, the US, UK, France and Germany, accounting for over 70 percent of requests.

Law enforcement sought information about only a tiny fraction of the millions of end users of our enterprise services, such as Office 365. We received 19 requests for e-mail accounts we host for enterprise customers, seeking information about 48 accounts. We disclosed customer data in response to five of those requests (4 content; 1 only non-content), and in all but one case, we were able to notify the customer. We rejected the request, found no responsive data, or redirected law enforcement to obtain the information from the customer directly in thirteen of those cases. One request is still pending.

For all 19 enterprise requests, the legal demands were from law enforcement entities located in the U.S., and sought data about accounts associated with enterprise customers located in the United States. In addition, to date, Microsoft has not disclosed enterprise customer data in response to a government request issued pursuant to national security laws.